Microsoft’s security team has come across a malware family that uses Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer’s networking stack, so local firewalls or security products won’t be able to detect or block the malware while it’s exfiltrating data from infected hosts.
Malware uses Intel CPU feature to steal data
2017-06-08 Privacy, Security 9 Comments
Of course, putting the building blocks of a rootkit into the CPU was a good idea.